CLAIMS 

What is claimed is: 

1 1 . A method comprising: / 

2 receiving a request for a ticket at a ticket server, said request being from a client, 

3 / said ticket to qualify the client to access a key from a key server, said key to facilitate an 

4 event between the client and at least one additional client; 

5 determining if the client is authorized to receive the key; and 

6 transmitting the ticket from the ticket server to the client if the client is authorized. 

1 2. The method of claim 1 wherein determining if the client is authorized comprises: 

2 accessing a databasj that defines authorized clients; and 

3 determining if the clj^nt is among the authorized clients defined by the database. 

1 3. The method of claim 1 /further comprising: 

2 accessing a database that defines associations between authorized clients and 

3 events; j 

4 constructing a summary of all events to which the client is associated based on 

5 the database; and / 

. 

1 4. The method of ^laim 3 wherein the database comprises a directed hierarchy of 

2 groups, wherein each group comprises at least one member client and/or at least one 

3 member event, and wherein constructing the summary comprises: 

4 locating a particular group in the database to which the client is a member client; 
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5 adding identifying information/to the summary for each event, if any, belonging to 

6 the particular group; / 

7 locating at least one ancestor group to the particular group in the directed 

8 hierarchy of groups; and / 

9 adding identifying information to the summary for each event, if any, belonging to 
10 the at least one ancestor groua 

1 5. The method of claim 1 wherein the ticket comprises at least one of an identifier that 

2 indicates a group to which the client belongs, a list identifying at least one event for 
O 3 which the client is qualified, and a digital certificate that indicates that the client is 
m 4 authorized for each listed event. 

-.0 1 6. The method of claim 5 /wherein the list comprises at least one of a title of each listed 

2 event, an internet protocol (IP) address for each listed event, a time indication for each 

:Z 3 listed event, and an IP address for a key server corresponding to each listed event. 

y 1 7. A method comprising: 

2 receiving a request for a key at a key server, said request being received from a 

3 client, and said keyio facilitate an event between the client and at least one additional 

4 client; / 

5 determining if the client is qualified to receive the key based on a ticket 

6 previously obtained by the client from a ticket server; and 

7 transmitting the key from the key sen/er to the client if the client is qualified. 
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1 8. The method of claim 7 wherein the key comprises at least one of a symmetric 

2 cryptographic key for the event, an ii^itiation time for use of the key, and a lifetime for 

3 the key. 

1 9. The method of claim 7 whereirj the client is one of a receiving client and a sending 

2 client. 

1 10. The method of claim 7 wherein the request comprises an initial request for the 

2 event, and wherein receiving thejinitial request comprises: 

3 receiving the initial request at a particular time during a predetermined period 

4 before the event, said particulan time being randomly generated by the client, 

1 11. The method of claim 7 further comprising: 

2 establishing a secure point-to-point link between the key server and the client in 

/ 

3 response to the requests, v\^herein the key is transmitted over the secure point-to-point 

4 link. 



1 12. The method of claim 7 wherein the request comprises one of a plurality of refresh 

2 requests, wherein each of the plurality of refresh requests corresponds to one of a 

3 plurality of forward security windows during the event, wherein each of the plurality of 

4 fonward security wij^ows comprises a repeated time interval, and wherein receiving the 

5 refresh request comprises: 
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I t 

f 

6 receiving the refresh request at a particular time within a corresponding forward 

7 security window, said particu^lar time being randomly generated by the client for a first 

/ 

8 fonrt/ard security window and applied at the repeated time interval thereafter. 

1 13. The method of claim' 7 wherein the key corresponds to a first interval of the event, 

2 and wherein the method further comprises: 

3 determining if the client remains qualified to receive a refresh key; and 

4 transmitting the refresh key to the client if the client remains qualified, said 

5 refresh key corresponding to a subsequent interval of the event. 

s i 

m 1 14. The method of claim 7 wherein the key corresponds to a first interval of the event, 

2 and wherein the method further comprises: 
^ 3 receiving a plurality of additional requests for the key from a plurality of additional 

™ 4 clients; / 

Q 5 determining if the each of the plurality of additional clients are qualified to receive 

[3 6 the key based oti a ticket previously obtained by each of the plurality of additional 

7 clients from the ticket server; 

8 transnrvitting the key to each of the plurality of additional clients that are qualified; 

9 determining if the client and each of the plurality of additional clients remain 

10 qualified to receive a refresh key; and 

1 1 transmitting the refresh key to the client if the client remains qualified and to 

12 each of the plurality of additional clients that remain qualified, said refresh key 

13 corresponding to a subsequent interval of the event. 

1 15. The i;nethod of claim 1 4 further comprising: 

EL414970995US - 29 - 4698.P002 

"Express Mail" mailing label number 



2 establishing a secure multicast/link from the key server to the client and the 

3 plurality of additional clients, wherein^the refresh key is transmitted through the secure 

/ 

4 multicast link. / 

; 

( 

1 16. The method of claim 7 wherein the key server has a synchronized time with respect 

/ 

2 to a sending client for the event/to within a margin of error, and wherein the method 

3 further comprises: / 

4 determining which of plurality of available keys to use for said key based on the 

5 synchronized time. / 

J2 1 17. The method of clainry7 wherein determining comprises at least one of: 

2 verifying that the/request is received within a predetermined period before the 
.J 3 event or time interval during the event; and 

3 4 verifying that the request includes credentials for the event. 

i 1 

1 1 8. The method of claim 7 wherein the request is received within a predetermined time 

Q 2 frame after the event starts, wherein said event is not encrypted during the 

3 predetermined period. 

1 19. A machine readable storage medium having stored thereon machine executable 

2 instructions, execution of said machine executable instructions to implement a method 

3 comprising: / 

4 obtaining a ticket at a client from a ticket server, said ticket defining an event 

5 between the/client and at least one additional client; 

6 obtaining a key at the client from a key server based on the ticket; and 
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7 participating in the event w|/h the at least one additional client based on the key. 

1 20. The machine readable storage medium of claim 19 wherein obtaining the ticket 

2 comprises: 

3 sending a request to the/ ticket server for a list of events in which the client is 

/ 

4 qualified to participate. / 

1 21 . The machine readable sjtorage medium of claim 19 wherein obtaining the key 

2 comprises: / 

3 receiving an indication to participate in the event; and 

C3 / 

'^2 4 initiating a transaction with the key sen/er at a location indicated by the ticket and 

IH / 

% 5 within a time frame prior to a start time of the event indicated by the ticket. 

Co 1 22. A machine readable storage medium having stored thereon machine executable 

2 instructions, the execution of said machine executable instructions to implement a 

r= 3 method comprising: / 

}i 4 receiving a request for a key at a key server, said request being received from a 

5 client, and said key to facilitate an event between the client and at least one additional 

6 client; / 

7 determining if the client is qualified to receive the key based on a ticket 

8 previously obtainyl by the client from a ticket server; and 

9 transmitting the key from the key server to the client if the client is qualified. 

1 23. The machine readable storage medium of claim 22 wherein the request comprises 

2 an initial request for the event, and wherein receiving the initial request comprises: 
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3 receiving the initial request aj'a particular time during a predetermined period 

4 before tlie event, said particular time being randomly generated by the client. 

/ 

/ 

1 24. The machine readable storage medium of claim 22 further comprising: 

2 establishing a secure pomt-to-point link between the key server and the client in 

3 response to the request, wherein the key is transmitted over the secure point-to-point 

4 link. 



1 25. The machine readable storage medium of claim 22 wherein the request comprises 

2 one of a plurality of refresh/requests, wherein each of the plurality of refresh requests 

3 corresponds to one of a plurality of fonA/ard security windows during the event, wherein 
,g 4 each of the plurality of forward security windows comprises a repeated time interval, 

%0 5 and wherein receiving tne refresh request comprises: 

6 receiving the refresh request at a particular time within a corresponding fonA/ard 

^ 1 security window, said/particular time being randomly generated by the client for a first 

fi 8 forward security window and applied at the repeated time interval thereafter. 

1 26. The machine readable storage medium of claim 22 wherein the key corresponds to 

2 a first interval of the event, and wherein the method further comprises: 

3 determining if the client remains qualified to receive a refresh key; and 

4 transmitting the refresh key to the client if the client remains qualified, said 

5 refresh key corresponding to a subsequent interval of the event. 

1 27. The machine readable storage medium of claim 22 wherein the key corresponds to 

2 a first interval of the event, and wherein the method further comprises: 
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3 receiving a plurality of additiohal requests for the key from a plurality of additional 

4 clients; 

5 determining if the each of the plurality of additional clients are qualified to receive 

6 the key based on a ticket previously obtained by each of the plurality of additional 



7 clients from the ticket server; ; 

8 transmitting the key to eacl^' of the plurality of additional clients that are qualified; 

9 determining if the client an^ each of the plurality of additional clients remain 

10 qualified to receive a refresh key;|and 

1 1 transmitting the refresh key to the client if the client remains qualified and to 
^.312 each of the plurality of additionar clients that remain qualified, said refresh key 
"b3 corresponding to a subsequent /interval of the event. 

^0 / 

Co 1 28. The machine readable storage medium of claim 7 wherein the request is received 

O 2 within a predetermined time frame after the event starts, wherein said event is not 

^ 3 encrypted during the predetermined period. 

4 29. A ticket server apparatus comprising: 

5 a port to receive a rdquest for a ticket, said request being from a client, said 

6 ticket to qualify the client to access a key from a key server, said key to facilitate an 

7 event between the client and at least one additional client; and 

8 circuitry to determine if the client is authorized to receive the key, and to transmit 

9 the ticket through the port to the client if the client is authorized. 
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30. A key server apparatusycorriprisirig: 

a port to receive a request for a key, said request being received from a client, 
and said key to facilitate an event between the client and at least one additional client; 
and / 

circuitry to determine if the client is qualified to receive the key based on a ticket 
previously obtained by the client from a ticket server, and to transmit the key through 
the port to the client if the client is qualified. 
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